I have problems in some environments, where these SChannel errors are generated. Well. It took me several days to find reasonable “why” it is logged.

Problem:

The event ID from the picture can be seen from time to time:

Solution:

Based on several articles I have read and some discussions. First you have to make sure, that the process causing this error is LSASS.exe, which is by the way local security authentication server (authenticating users to winlogon service, using authentication such as msgina.dll and so on). To make sure it is LSASS.EXE. Open Event ID and check the Event ID details, Click on Details tab -> Expand System while friendly view is selected. Check Process ID.

Then use powershell and run:

Get-Process | select name,id | sort id

Result should give you the name of the processes. It will be lsass.exe.

Why:

Reason is simple. Not standard or corrupted behavior of web browsers or users. The problem behind SChannel and Exchange 2012 is, that sometimes users use HTTP protocol, but on port 443, which expects certificates exchange rather than GET command.

How to test:

Option 1#:

Test is easy. For example you can input URL to your browser address bar, which is obviously wrong and see the results: HTTP://MAIL.DOMAIN.LOCAL:443/OWA – It says to use HTTP protocol (not HTTPS) on the 443 port and it generates errors immediately.

Option 2#:

Run Telnet and test command:

Telnet localhost 443 (to connect to HTTPS)

In Telnet window:

Get /index.htm (on HTTPS SSL must be established first so it will generate errors immediately. Result will not be seen in telnet window)

What is the solution?

Solution #1:

Some IT guys recommend to disable SCHannel logging to get rid of these events, but I cannot recommend that. To be honest. It is better to see, that somebody is trying to connect using HTTP on HTTPS port, because this might be some attempt to DoS attack or info, that users don´t know how to type OWA URL correctly. Shortly it is better to know something is wrong than disable logging.

Solution #2:

I suspect wrong redirect configuration for the websites from HTTP to HTTPS. I would check IIS if redirect is set correctly. For those having this issue without redirect I would suspect problem in web browser area.

Just a tip if you have large Exchange environment and Get-VirtualDirectory cmdlets take a long time.

You can follow KB2896472 and use the AdPropertiesOnly switch with the cmdlet which returs the virtual directory properties that are stored in Active Directory Domain Services and not in the Internet Information Services (IIS) metabase.

On of my customers have Exchange 2010 SP3 migrated from 2007 and 2003 and wanted to have federation with Office 365 for remote archiving purpose. More about hybrid deployments might be found on technet: http://technet.microsoft.com/en-us/library/hh945197(v=exchg.141).aspx . We have had several troubles to make it work and one of MS suggestions was to install Free/Busy folders on Hybrid (CAS / HUB servers). We have fulfilled the need by Two steps:

After installation of Mailbox role and Free / Busy folder there is a mailbox database created on the server (As in the default installation of new mailbox server). Watch out! This database is not excluded from provisioning so new mailboxes can be created there and it doesnt have circular logging enabled. Microsoft did not mention that in doc, so I am mentioning to be safe and for my future reference.

Here is a nice tip from Shay Levy: How to re-format known Exchange size format 1006 MB (1,055,195,632 bytes) to another size unit (KB,MB,GB, and so on) from csv (string) source? Just use the accelerator [Microsoft.Exchange.Data.ByteQuantifiedSize].

My friend came with problem to add second copy of databese in Exchange 2013 DAG, because replication service failed to perform initial seed due to different configuration between source (first copy) and target (second copy)disks. I wanted to test it, so here is case study:

Works normally. Database is seeded and also incremental seed works. Before point 2 I removed the mailbox database copy and formatted NTFS with lower block size.

[PS] C:\Windows\system32>Remove-MailboxDatabaseCopy testdb\frontend1
Confirm
Are you sure you want to perform this action?
Removing database copy for database "TESTDB" on server "FRONTEND1".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
WARNING: The copy of mailbox database "TESTDB" on server "FRONTEND1" has been removed. If necessary, manually delete
the database copy's files located at "f:\TESTDB" and "F:\TESTDB\Testdb.edb" on that server.
[PS] C:\Windows\system32>

AD 2) Create second copy of the database using SCSI, GPT, NTFS but lower size of the block (2kB)

I have preconfigured the disk with the same drive letter F: , GPT and now I will format the NTFS to 2kB block size.

Works normally. Database is seeded and also incremental seed works. Before point 2 I removed the mailbox database copy and formatted NTFS with lower block size.

AD 3)Create second copy of the database using IDE, MBR disk with the same NTFS config as the first copy of the database

Result:

I haven´t found error or problematic configuration, however, there might be some stuff useful for others. It took so much energy to test, that I would still like to post this article for future refference.